WP-Safety

Bootstrap Shortcodes Security & Risk Analysis

wordpress.org/plugins/bootstrap-shortcodes

Wordpress plugin to add shortcodes for Twitter Bootstrap 3.3

5K active installs v3.4.4 PHP + WP 3.9+ Updated Mar 10, 2026
bootstrapbuttonsgridshortcodeshortcodes
79
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJan 27, 2023
Plugin page Download
Safety Verdict

Is Bootstrap Shortcodes Safe to Use in 2026?

Mostly Safe

Score 79/100

Bootstrap Shortcodes is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Jan 27, 2023Updated 25d ago
Risk Assessment

The "bootstrap-shortcodes" v3.4.4 plugin demonstrates a generally good security posture with a few notable areas for improvement. The static analysis shows a clean codebase regarding dangerous functions, SQL queries using prepared statements, and controlled file operations. The high percentage of properly escaped output is also a positive indicator. However, the complete absence of nonce checks across all entry points, combined with only two capability checks for 17 shortcodes, represents a significant concern. This lack of robust authorization and integrity checks on user-supplied input for shortcodes creates a potential attack vector.

Key Concerns

  • Missing nonce checks on 17 shortcodes
  • Only 2 capability checks for 17 shortcodes
  • 1 unpatched medium severity CVE
Vulnerabilities
1

Bootstrap Shortcodes Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched
2023
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2022-4777medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BootStrap Shortcode <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 27, 2023Unpatched
Code Analysis
Analyzed Mar 16, 2026

Bootstrap Shortcodes Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
30 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped32 total outputs
Attack Surface

Bootstrap Shortcodes Attack Surface

Entry Points17
Unprotected0

Shortcodes 17

[bs_notification] inc\bs_alert.php:14
[bs_button] inc\bs_buttons.php:15
[bs_collapse] inc\bs_collapse.php:13
[bs_citem] inc\bs_collapse.php:40
[bs_row] inc\bs_grid.php:13
[bs_col] inc\bs_grid.php:25
[bs_icon] inc\bs_icons.php:12
[bs_label] inc\bs_labels.php:11
[bs_lead] inc\bs_lead.php:11
[bs_tabs] inc\bs_tabs.php:24
[bs_thead] inc\bs_tabs.php:33
[bs_tab] inc\bs_tabs.php:48
[bs_dropdown] inc\bs_tabs.php:66
[bs_tcontents] inc\bs_tabs.php:75
[bs_tcontent] inc\bs_tabs.php:89
[bs_tooltip] inc\bs_tooltip.php:15
[bs_well] inc\bs_well.php:14
WordPress Hooks 5
actioninitbootstrap-shortcodes.php:40
actionadmin_initbootstrap-shortcodes.php:42
actionadmin_menubootstrap-shortcodes.php:43
filtermce_external_pluginsbootstrap-shortcodes.php:64
filtermce_buttons_3bootstrap-shortcodes.php:65
Maintenance & Trust

Bootstrap Shortcodes Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version
Downloads109K

Community Trust

Rating100/100
Number of ratings23
Active installs5K
Alternatives

Bootstrap Shortcodes Alternatives

TW Shortcodes

TW Shortcodes

tw-shortcodes

A
85

TW Shortcodes enables you to easily add "flat design" buttons, icons, pricing tables and more without modifying CSS, HTML or PHP.

10 No CVEs
Elements For Elementor

Elements For Elementor

nd-elements

A
90

The plugin adds some useful elements to the Elementor Page Builder Plugin. All components are full responsive and retina ready.

10K 2 CVEs
WP Shortcode by MyThemeShop

WP Shortcode by MyThemeShop

wp-shortcode

A
85

WP Shortcode is a premium WP plugin for free, that provides easy to use over 24 shortcodes. You can easily add buttons, alerts, videos and more.

10K 1 CVE
Arconix Shortcodes

Arconix Shortcodes

arconix-shortcodes

B
72

Arconix Shortcodes provides a number of useful design elements like buttons, boxes, tabs and toggles to help compliment any website.

4K 1 unpatched
Grid Shortcodes

Grid Shortcodes

grid-shortcodes

A
100

A responsive and easy-to-use tool for dividing your content in your posts/pages. This ultra-lightweight plugin allows you to put your content in colum &hellip;

2K 1 CVE
Developer Profile

Bootstrap Shortcodes Developer Profile

sinetheta

1 plugin · 5K total installs

79
trust score
Avg Security Score
79/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Bootstrap Shortcodes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bootstrap-shortcodes/css/bootstrap.css/wp-content/plugins/bootstrap-shortcodes/css/shortcodes.css/wp-content/plugins/bootstrap-shortcodes/js/bootstrap.js/wp-content/plugins/bootstrap-shortcodes/js/init.js/wp-content/plugins/bootstrap-shortcodes/css/admin.css
Script Paths
/wp-content/plugins/bootstrap-shortcodes/js/plugins/grid.js/wp-content/plugins/bootstrap-shortcodes/js/plugins/tabs.js/wp-content/plugins/bootstrap-shortcodes/js/plugins/collapse.js/wp-content/plugins/bootstrap-shortcodes/js/plugins/alerts.js/wp-content/plugins/bootstrap-shortcodes/js/plugins/wells.js/wp-content/plugins/bootstrap-shortcodes/js/plugins/buttons.js+4 more

HTML / DOM Fingerprints

CSS Classes
alertalert-dismissible
Data Attributes
data-dismissaria-hidden
JS Globals
bs_options
Shortcode Output
<div class="alert alert-<button type="button" class="close" data-dismiss="alert" aria-hidden="true">&times;</button>
FAQ

Frequently Asked Questions about Bootstrap Shortcodes